Install latest libgnutls30 to address CVE

I broke these out into a separate Dockerfile section to be explicit about the reason we're installing them.
DSACMS · Feb 19, 2025 · b92a612 · b92a612
1 parent 79dbecb
commit b92a612
Showing 1 changed file with 9 additions and 1 deletion.
diff --git a/app/Dockerfile b/app/Dockerfile
@@ -36,6 +36,14 @@ RUN apt-get update -qq && \
       npm=9.2.0~ds1-1 \
       pkg-config=1.8.1-1
 
+# Upgrade packages to address security issues. We should be able to remove these
+# after upgrading the base image to a version that has the upgraded
+# versions by default.
+# hadolint ignore=DL3008
+RUN apt-get install -y --no-install-recommends \
+  libtasn1-6 \
+  libgnutls30
+
 # Copy application code
 COPY . .
 
@@ -121,7 +129,7 @@ RUN apt-get update -qq && \
         python-is-python3=3.11.2-1+deb12u1 \
         python3-venv=3.11.2-1+b1 \
         unzip=6.0-28 \
-        libtasn1-6=4.19.0-2+deb12u1 && \
+        && \
     rm -rf /var/lib/apt/lists /var/cache/apt/archives && \
     curl "https://s3.amazonaws.com/aws-cli/awscli-bundle.zip" -o "awscli-bundle.zip" && \
     unzip awscli-bundle.zip && \